Security Affairs

Experts warn of active exploitation of SonicWall zero-day in the wild

Researchers from the security firm NCC Group warn of the exploitation in the wild of a SonicWall zero-day vulnerability.

Security experts from the firm NCC Group have detected “indiscriminate” exploitation of a SonicWall zero-day in attacks in the wild, ZDNet reported.

NCC Group first disclosed the attacks on SonicWall devices on Sunday but did not provide details about the flaw exploited by the threat actors.

The experts reported the vulnerability to the security provider; they also claim to have identified the same zero-day vulnerability exploited by SolarWinds hackers to breach SonicWall’s internal network.

However, SonicWall did not confirm that the vulnerability under active exploitation is the same one involved in the attacks against its infrastructure.

On January 29, SonicWall announced it was still investigating the presence of a zero-day vulnerability in the Secure Mobile Access (SMA) gateways.

SMA gateways are used by enterprise organizations to provide access to resources on intranets to remote employees.

“As we head into the weekend, we continue to investigate the SMA 100 Series, however the presence of a potential zero-day vulnerability remains unconfirmed.” reads SonicWall’s update.

“We have also analyzed several reports from our customers of potentially compromised SMA 100 series devices.  In these cases, we have so far only observed the use of previously stolen credentials to log into the SMA devices. The SMA appliance, due to its nature and due to prevalence of remote work during the pandemic, effectively acts as a “canary” to raising an alert about inappropriate access.”

The NCC team confirmed that it had demonstrated how to exploit a possible candidate for the vulnerability.

SonicWall experts pointed out that proof of concept (PoC) exploit code utilizing the Shellshock exploit shared on social media is not effective against its devices.

“We’re also aware of social media posts that shared either supposed proof of concept (PoC) exploit code utilizing the Shellshock exploit, or screenshots of allegedly compromised devices.  We have confirmed that the Shellshock attack has been mitigated by patches that we released in 2015.   We have also tested the shared PoC code and have so far concluded that it is not effective against firmware released after the 2015 patch.” continues the update. “However, we’ll continue to closely monitor any new posts and investigate new information.  This should also serve as a reminder to our customer base to always patch and keep current on internet facing devices.”

The company has released an updated security best practices guide for the SMA 100 series devices.


Pierluigi Paganini

(SecurityAffairs – hacking, SonicWall)
